Schema-design for SQL Server: recommendations for Schema design with security in mind

Introduction

This article picks up a topic I have been teaching time and again in seminars, at conferences and in forums for many years: schema design. Here, schema does not mean the database schema with its tabular design but rather the “database object schemas,” also described as namespaces.

SQLKonferenz in Darmstadt: Presenting the Security Features of SQL Server 2016 with the program manager of the security team from Redmond

This year, from 23 to 25 February, the 3rd “SQLKonferenz” takes place in Darmstadt. And this year represents a particular peak for me in two regards: For one, my company, Sarpedon Quality Lab®, is for the first time Silver Sponsor of the conference. In this way, I am supporting PASS Deutschland e.V., the German SQL […]

Security-Fixes for SQL Server and why Security Best Practices Matter

On 14 July 2015, almost exactly one year after the first security bugs in 5 years had to be fixed, we were given a new reason to test our security patching policy, provided that you have such a policy for SQL Server at all.

SQL Server 2016 – the Security & Performance Release

The news broke in early May: That’s when Satya Nadella presented SQL Server 2016 at the Microsoft Ignite conference in Chicago. I can already say that SQL Server 2016 will be one of the most exciting releases in recent years, because this time it’s clearly focused on security. Next to performance features, security features […]

My conference sessions in 2015: from Extended Events over In-Memory to Security

Finally I get to write about my conference talks in 2015. The year started really well with the German SQL Server Konferenz in Darmstadt with 2 sessions on In-Memory OLTP in SQL Server 2014, one of them even a full-day PreCon, which I co-presented with Niko Neugebauer, who was talking about Clustered ColumnStore Indexes.

SQL Server Database Ownership: survey results & recommendations

You may remember the survey on database ownership which I launched several months ago. In the following, I am now presenting the results and giving my official recommendation for a best practice for security in terms of database ownership. First, if you still need the script:

New Permissions in SQL Server 2014: IMPERSONATE ANY LOGIN, SELECT ALL USER SECURABLES, CONNECT ANY DATABASE and the old CONTROL SERVER

SQL Server 2014 introduces 5 new permissions altogether. Two of them are at database level and are only available in the Windows Azure SQL Database edition, not in the boxed version.

DISABLE and DENY LOGIN, DENY USER & Effect on Impersonation and Permissions

A short article on the effects, or lack of effects, that disabling logins and denying CONNECT to logins and users have on impersonation and permissions. Every once in a while one can observe that logins or users have been denied the CONNECT permission or that a login has been disabled. Therefore a correct expectation and understanding […]

SQL Server Row- and Cell-Level Security – Disclosure vulnerability

It’s time for another post on security matters. Through a forum thread on data-driven security by means of views using the IS_MEMBER(), USER_NAME() and SUSER_SNAME() functions, I came up with the idea of giving a short example of how such constructs can easily be circumvented and the protected/hidden data disclosed when not secured […]

Security-Check-Script & Survey: SQL Server Security – Database-Owners, critical Permissions and role membership

In this survey, I would like to explore more broadly which accounts are typically used as database owners. I will subsequently publish the cumulative results here to share them with the community, together with some recommendations for hardening security. In this instance, particular server-wide permissions both of the account used as well as, […]